Eleftheria Stein
420e8227d4
Resolve artifacts from Maven Central first
...
- Use spring-build-conventions:0.0.36
- Add https://repo.spring.io/release to reference
Closes gh-9367
2021-01-22 13:28:35 +01:00
tristanessquare
580b988e7f
Fix NullPointerException
...
- Caused by a malformed WWW-Authenticate value
Closes gh-9364
2021-01-21 16:22:29 -07:00
tristanessquare
56db058fd0
Fix NullPointerException
...
- Caused by a malformed WWW-Authenticate value
2021-01-21 16:18:23 -07:00
Eleftheria Stein
793781fb67
Add manual trigger to CI workflow
...
Closes gh-9360
2021-01-21 14:02:54 +01:00
Rob Winch
1181740f79
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:18:25 -06:00
Rob Winch
e6d6b39767
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:17:25 -06:00
Rob Winch
acb5ae607b
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2021-01-20 16:09:21 -06:00
Ihor Ilkevych
43a071a89e
Add WebFlux oauth2Login with formLogin test
...
Closes gh-9326
2021-01-20 15:04:06 -05:00
Rob Winch
ad4497fb72
Add https://repo.spring.io/release to reference
2021-01-19 22:50:43 -06:00
Rob Winch
51ee0de3fd
Use spring-build-conventions:0.0.36
2021-01-19 17:20:12 -06:00
Rob Winch
c421b3f635
spring-build-conventions:0.0.35.RELEASE
2021-01-19 17:20:12 -06:00
Rob Winch
3db112cc20
Spring Boot 2.4.0
2021-01-19 17:20:12 -06:00
Evgeniy Cheban
77484018bb
Reconsider AntPathRequestMatcher matching logic
...
Closes gh-9285
2021-01-19 12:02:06 -07:00
Josh Cummings
f36e2fca59
Remove SingleKeyJWSKeySelector
...
Closes gh-9348
2021-01-15 22:15:56 -07:00
Josh Cummings
65d3b0d71c
Add ResourceKeyConverterAdapter
...
Simplifies publishing RsaKeyConverters with
@ConfigurationPropertiesBinding
Issue gh-9316
2021-01-15 22:15:56 -07:00
Nelson Osacky
06b748c9c2
Update Gradle Enterprise Gradle Plugin
2021-01-13 12:44:03 -06:00
Ivan Pavlov
f4d78d00ef
Extend CorsDsl with CorsConfigurationSource property
...
Issue: gh-9314
2021-01-13 10:22:07 +01:00
Rob Winch
77a1befcc2
Fix Checkstyle for CsrfWebFilter
...
Issue gh-9337
2021-01-12 11:38:01 -06:00
Rob Winch
0201c31deb
Fix Checkstyle for CsrfWebFilter
...
Issue gh-9337
2021-01-12 11:37:12 -06:00
Rob Winch
628ea00ad4
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:31:26 -06:00
Rob Winch
b08075a721
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:30:12 -06:00
Rob Winch
61b75bb2d6
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:19:11 -06:00
Rob Winch
a1083d9a5c
Fix CsrfWebFilter error message when expected CSRF not found
...
Closes gh-9337
2021-01-12 11:18:29 -06:00
Josh Cummings
160a4a3676
Reformat MvcRequestMatcher
...
- Moved related private methods together
Issue gh-9284
2021-01-11 08:28:59 -07:00
Evgeniy Cheban
8449df9fd2
Consider Aligning MvcRequestMatcher's matching methods
...
Closes gh-9284
2021-01-09 21:42:16 +03:00
Josh Cummings
6499a235b0
Suppress Compiler Warnings
2021-01-08 11:30:28 -07:00
Eleftheria Stein
429caeacc9
Fix bug with multiple AuthenticationManager beans
...
Closes gh-9256
2021-01-06 18:19:13 +01:00
Eleftheria Stein
8cefc8a792
Fix bug with multiple AuthenticationManager beans
...
Closes gh-9256
2021-01-06 16:26:26 +01:00
Josh Cummings
7dde7cffda
Add Status Check
...
Closes gh-8955
2021-01-05 17:32:47 -07:00
Josh Cummings
337d24e6db
Update Copyright Messages
...
Issue gh-9202
2021-01-05 15:30:51 -07:00
Mazen Aissa
c907838440
Make max-session configurable
...
Closes gh-9202
2021-01-05 15:30:51 -07:00
Nelson Osacky
6d59b1044a
Add Revved up by Gradle Enterprise badge to README
...
Similar to: https://github.com/spring-projects/spring-boot/pull/24640
2021-01-05 11:00:41 -07:00
Josh Cummings
0fc80a6a65
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:12:29 -07:00
Josh Cummings
6dc22835fd
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:12:17 -07:00
Josh Cummings
8c93d95818
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:11:19 -07:00
Josh Cummings
cb10c9cfb6
Renew Sample Certificate
...
Closes gh-9320
2021-01-04 12:06:55 -07:00
Zeeshan Adnan
848bd44837
Remove unused code
...
Issue gh-9203
2020-12-18 11:49:52 -07:00
Rob Winch
40e027c56d
Constant Time Comparison for CSRF tokens
...
Closes gh-9291
2020-12-17 15:01:43 -06:00
Josh Cummings
c066e23a86
Add @since attributes
...
Issue gh-8900
2020-12-16 15:58:53 -07:00
Evgeniy Cheban
34b4b1054f
Add AuthorizationManager
...
Closes gh-8900
2020-12-16 15:58:36 -07:00
Nick McKinney
5306d4c4d5
Minor cleanup on Ant / Regex Request Matchers
...
- Removed duplicative code for transforming String into HttpMethod
- Removed an unnecessary array initialization
2020-12-14 14:19:23 +01:00
Nick McKinney
6be25df1db
Introduced DispatcherType request matcher
...
Created a DispatcherTypeRequestMatcher and corresponding methods
for configuring an HttpSecurity object. This enables filtering of
security rules based on the dispatcher type of the incoming servlet
request.
Closes gh-9205
2020-12-14 14:19:23 +01:00
Josh Cummings
2566abec31
Add Type Parameter
...
Closes gh-8412
2020-12-11 10:20:18 -07:00
Christophe Gilles
54d3839f63
Add permissionsPolicy http header
2020-12-11 12:32:18 +01:00
Serdar Kuzucu
48ef27b80a
Make assertion messages in CookieCsrfTokenRepository clearer
...
Changes assertion message format from 'X is not null' to
'X cannot be null' since this is more meaningful when the error
occurs and the message is printed in the logs.
Closes gh-9195
2020-12-09 10:45:22 -06:00
Serdar Kuzucu
76e117a67a
Allow maximum age of csrf cookie to be configured
...
Allows maxAge of the generated cookie by CookieCsrfTokenRepository
to be configurable.
Prior to this commit, maximum age was set with a value of -1.
After this commit, it will be configured by the user with an either
positive or negative value. If the user does not provide a value,
it will be set -1.
An IllegalArgumentException will be thrown when
this value is set to zero.
Closes gh-9195
2020-12-09 10:45:22 -06:00
Eleftheria Stein
90b48554e4
Fix Custom DSL sample in docs
2020-12-09 10:48:15 +01:00
Josh Cummings
f614a8230c
Polish getRemoteUser
...
- Corrected instanceof check
Issue gh-3357
2020-12-03 13:08:40 -07:00
Stephen Joyner
9c373ef4f8
getRemoteUser() returns principal name
...
Closes gh-3357
2020-12-03 13:08:40 -07:00
Ovidiu Popa
174b71c017
OidcIdToken cannot be serialized to JSON if token contains claim of type JSONArray or JSONObject
...
ObjectToListStringConverter and ObjectToMapStringObjectConverter were checking if the source object is of type List or Map and if the first element or key is a String. If we have a JSONArray containing Strings the above check will pass, meaning that a JSONArray will be returned which is not serializable (same applies to JSONObject)
With this change, even if the check is passing a new List or Map will be returned.
Closes gh-9210
2020-12-03 11:42:00 -05:00